Generating representative Web workloads for network and server performance evaluation
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Quality is in the eye of the beholder: meeting users' requirements for Internet quality of service
Proceedings of the SIGCHI conference on Human Factors in Computing Systems
A non-instrusive, wavelet-based approach to detecting network performance problems
IMW '01 Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement
Detection and analysis of routing loops in packet traces
Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment
A framework for classifying denial of service attacks
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
How Does TCP Generate Pseudo-Self-Similarity?
MASCOTS '01 Proceedings of the Ninth International Symposium in Modeling, Analysis and Simulation of Computer and Telecommunication Systems
Why do internet services fail, and what can be done about it?
USITS'03 Proceedings of the 4th conference on USENIX Symposium on Internet Technologies and Systems - Volume 4
Wavelet analysis of long-range-dependent traffic
IEEE Transactions on Information Theory
Packet-level traffic measurements from the Sprint IP backbone
IEEE Network: The Magazine of Global Internetworking
Remote detection of bottleneck links using spectral and statistical methods
Computer Networks: The International Journal of Computer and Telecommunications Networking
A cascade architecture for DoS attacks detection based on the wavelet transform
Journal of Computer Security
Discrete wavelet transform-based time series analysis and mining
ACM Computing Surveys (CSUR)
ICDM'06 Proceedings of the 6th Industrial Conference on Data Mining conference on Advances in Data Mining: applications in Medicine, Web Mining, Marketing, Image and Signal Mining
| Hi-index | 0.00 |
An increasing number of misconfigurations and malicious behaviors threaten the normal operation conditions of data networks. Thus, field engineers are constantly presented with the challenge of isolating new misconfigurations and anomalies. In this paper, we present a group of real-world problems reported by a set of six commercial networks we surveyed. Successively, we focus on a well-defined family of misconfigurations. Our analysis identifies common properties such anomalous behaviors share. Misconfigured TCP flows experience packet losses and RTO-based (Retransmission Time-Out) events during the opening phase of the TCP connection ("Early RTO Events"). This introduces precise correlations in misconfigured traffic that we utilize as a "signature" in order to isolate the presence of anomalies. We propose a wavelet-based algorithm that is capable of revealing such a family of anomalies from the analysis of MIB data aggregating healthy and anomalous flows. Simulation and the use of real datasets from a commercial network allow us to quantitatively assess the effectiveness of our detection procedure. Numerical results show that our algorithm can effectively isolate the presence of an anomalous traffic component that is a minimal percentage of the overall link throughput. Therefore, our approach provides a general and highly sensitive misconfiguration detection instrument.